Release Notes: A security issue (CAN-2005-2700) has been fixed where "SSLVerifyClient require" was not enforced in per-location context if "SSLVerifyClient optional" was configured in the global virtual host configuration.

Release Notes: This version was ported to the OpenSSL 0.9.8 API.
Connection timeout handling was fixed. The
ca-bundle.crt file from Mozilla's "certdata.txt"
was updated. Timeout handling in POST request
processing was fixed. A double-definition of
OPENSSL_free under OpenSSL 0.9.6 was fixed.

Release Notes: This version upgrades to Apache 1.3.29 and fixes a few
bugs. It avoids memory corruption in certificate handling
caused by a heap memory double-freeing situation,
allows the "HTTPS" variable to be passed through by
suEXEC, clears the OpenSSL error code in the pass
phrase reading code, reverts the recent change where
ap_cleanup_for_exec() called
ap_kill_alloc_shared(), and correctly checks for
SSL_R_HTTP_REQUEST.